Integrating Check Point with SolarWinds LEM

Created by Seamus.Enright, last modified by Steve.Hawkins on Aug 01, 2016

Overview

You can integrate Check Point with your SolarWinds LEM appliance to allow Check Point logs to be stored on your LEM database and displayed as normalized alerts in your LEM Console. This involves several steps, which are all outlined in the following sections.

Environment

LEM with Check Point

Steps

Configure your Check Point server

This section contains two procedures that need to be completed on your Check Point server. These steps will help you create a Check Point OPSEC application that will allow communication between Check Point and your LEM Manager. It will also help you identify the firewall or SmartCenter management station you want to communicate with your LEM Manager.

Creating the OPSEC application for communication with your LEM Manager

  1. Open the Check Point Smart Dashboard.
  2. Click Manage > Servers and OPSEC Applications.
  3. Click New and select OPSEC Application.
  4. Enter a name for the SolarWinds OPSEC application using lower-case characters. For example, enter solarwinds.
  5. Next to Host, click New to configure your LEM Manager as the host for the new application.
    1. Enter the hostname of your LEM Manager in the Name field.
    2. Next to IP Address, click Resolve from Name to automatically populate the IP Address field with your LEM Manager's IP address.
    3. Click OK.
  6. Under Client Entities, check LEA and SAM.
  7. Click Policy > Install Database. 
  8. Under Secure Internal Communication, click Communication to set the one-time password that will be used to establish trust between your LEM Manager and Check Point firewall.
    1. Enter and confirm a one-time password in the fields provided.
      Important: Remember this password. It will be used in a later step.
    2. Click Initialize.
    3. If the initialization is successful, the Trust state value changes to Initialized but trust not established.
    4. Click Close.
  9. Click OK.
  10. In the Servers and OPSEC Applications window, select the application you just created, and then click Edit.
  11. Under Secure Internal Communication, copy the value in the DN field. This value will be used to configure your LEM Manager to communicate with Check Point.

Locating the DN for your Check Point server

  1. Open a Windows Command Prompt.
  2. Enter the following command at the command line: cpca_client lscert -kind SIC
  3. Note the value next to Subject that begins with CN=cp_mgmt.

Note: If you cannot complete this entire procedure at one time, save the password, OPSEC application DN, and Check Point server DN noted above in a text document for future reference.

Pull the Check Point security certificate

This section contains a procedure that you will complete from a Windows desktop. This could be the Check Point server itself or any other server that can communicate with your Check Point server.

Pulling the Check Point security certificate:

Note: This procedure uses the opsec_pull_cert.exe file, which can be found with your Check Point product software. Alternatively, you can download and extract it from the OPSEC SDK located here.

  1. Identify the folder that contains opsec_pull_cert.exe. This folder path will be used in a later step.
  2. Open a Windows Command Prompt.
  3. Enter the following command at the command line: folder\opsec_pull_cert.exe -h host -n name -p password [-o output file]
    where:
    • folder is the folder identified in Step 1.
    • host is the hostname of the firewall or management station you used to create the OPSEC application above. If you are performing this function on the Check Point server, you can use localhost.
    • name is the name you provided to the SolarWinds OPSEC application in Step 4 above.
    • password is the password you provided in Step 7 above.
    • output file (optional) is the folder and file name for the certificate generated by the executable. By default, the executable exports the file to C:\Documents and Settings\User\opsec.p12.

Configure your LEM Manager

This section contains a procedure that you will complete in your LEM Console to configure the connector needed by your LEM Manager to process the log data it collects from your Check Point server.

To configure the Check Point connector for your LEM Manager:

  1. Open your LEM Console and log into your LEM Manager.
  2. In the Manage > Appliances view, click the Manager gear icon and select Connectors.
  3. In the Tool Configuration window, enter Check Point in the search box under Refine Results.
  4. Select the OPSEC™ / Check Point™ NG LEA Client connector, and then click Connectors gear icon > New.
  5. Configure the connector with the following values.
    • Alias: Enter a custom Connector Alias or accept the default.
    • OPSEC Server: Enter the IP address of your Check Point server.
    • Auth Port: Enter the LEA port for your Check Point server. The default port is 18184, and is provided.
    • Server DN: Enter your Check Point server's DN, which you noted in Step 3 above.
      Note: You must use the DN for your Check Point server here, and the value must use only lower case letters. The default value will not work and your LEM Manager will not accept capital letters.
    • NG SSL CA: Click Browse (...) and open the certificate you saved above. The default file name is opsec.p12.
    • Client DN: Enter your OPSEC application's DN, which you noted in Step 10 above.
      Note: You must use the DN for your LEM OPSEC application here, which is case sensitive. The default value will not work.
    • Leave the remaining values at their default unless your LEM implementation warrants otherwise. 
  6. Click Save.
  7. Next to the connector you just configured, click Connector gear icon > Start. When the connector starts properly, the Status icon turns green.

You will now begin to see alerts from your Check Point firewall in your LEM Console. You can use the default Firewall filter as long as the Connector Alias defined in Step 5 contains the word firewall.
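
The Server DN and Client DN fields above are the usual place this integration fails, because one must be lower case and the other must be kept exactly as copied. The following PowerShell function is an added example, not SolarWinds or Check Point code: it takes the output of cpca_client lscert -kind SIC plus the OPSEC application DN and returns the values to enter in the connector. The function name is hypothetical, the sample output is constructed, and the "Subject = ..." line layout is an assumption about how the command prints the subject.

```powershell
function Get-LemCheckPointConnectorValues {
    param(
        # Lines printed by: cpca_client lscert -kind SIC (blank lines are allowed)
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$LscertOutput,
        # DN copied from the OPSEC application's Secure Internal Communication section
        [Parameter(Mandatory)][string]$OpsecAppDn,
        # Default LEA port given in the connector settings
        [int]$AuthPort = 18184
    )

    # Collect each distinct Subject value that begins with CN=cp_mgmt.
    $subjects = @()
    foreach ($line in $LscertOutput) {
        if ($line -match '^\s*Subject\s*[=:]\s*(CN=cp_mgmt.*)$') {
            $dn = $Matches[1].Trim()
            if ($subjects -notcontains $dn) { $subjects += $dn }
        }
    }
    if ($subjects.Count -ne 1) {
        throw "Expected exactly one CN=cp_mgmt subject, found $($subjects.Count)."
    }

    # Guard against pasting the server DN into the Client DN field.
    $clientDn = $OpsecAppDn.Trim()
    if ($clientDn -ieq $subjects[0]) {
        throw 'Client DN matches the server DN; use the OPSEC application DN.'
    }

    [pscustomobject]@{
        ServerDN = $subjects[0].ToLowerInvariant()  # LEM does not accept capital letters
        ClientDN = $clientDn                        # case sensitive: keep as copied
        AuthPort = $AuthPort
    }
}

# Constructed sample; on the Check Point server use: $out = cpca_client lscert -kind SIC
$sample = @(
    'Subject = CN=cp_mgmt,O=fw-mgmt..x7k2pq'
    'Status = Valid   Kind = SIC   Serial = 1001   DP = 0'
    ''
)
Get-LemCheckPointConnectorValues -LscertOutput $sample `
    -OpsecAppDn 'CN=solarwinds,O=fw-mgmt..x7k2pq'
```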

Create a Rule in Check Point Server

  1. On the Firewall tab, click Policy to open the Policy Manager.
  2. Create a new policy.
  3. Set Source as LEM node.
  4. Set Destination as Check Point server.
  5. Add the following services:
    • FW1_lea
    • FW1_pull_cert
    • FW1_sam
  6. Click Policy > Install to install the policy. 

 

Last modified
08:39, 1 Aug 2016
